Boris Zbarsky <bzbar...@mit.edu> writes: > This is no an out-of-spec input. It's a quite specified input.
Not sure I want to get into the weeds on this one, but I have put "out-of-spec" in quotes because I think "specifications" are mythical creatures. What is claimed in this case by the referenced web page is that Firefox and Opera treat multipart/mixed differently. So either Firefox is "out-of-spec" wrt the input, or Opera is, or both are, or the "specification" is ambiguous. In any case, a general defense is difficult. -Trevor _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
